Bringing insights into TCP resets and timeouts to Cloudflare Radar

Cloudflare handles over 60 million HTTP requests per second globally, with approximately 70% received over TCP connections (the remaining are QUIC/UDP). Anomalous TCP connections occur when a connection is unexpectedly halted before any useful data exchange occurs. These connections can be closed due to various reasons such as scanners, sudden application shutdowns, network errors, attacks, and tampering. Cloudflare has launched a new dashboard and API endpoint on Cloudflare Radar that shows near real-time view of TCP connections to its network that terminate within the first 10 ingress packets due to resets or timeouts. Analyzing this anomalous behavior provides insights into scanning, connection tampering, DoS attacks, connectivity issues, and other behaviors.